Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 5 subscribers
  • Views 4125 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to correctly configure WinXP VDI on ESX Server to work with SafeGuard and vmview with SSO

_JOEL_

Ran into some issues with Windows XP VDI's and VMWare ESX Server.  We also use VMView to automate single sign-on and I'm sure many of us have had our share of GINA issues.  Well I figured out how to resolve them using a combination documentation from VMWare and Sophos SafeGuard as I found that doing this was a little complex but not completely documented so I thought I would share.  This has been tested  in our ESX production environment and will get windows XP VDI's that use VMVIEW with or without SSO to log into their VDI's without breaking anything, generaiting errors in the bootup process with the GINA's, or freezing during startup making the VDI unavailable.

During the install process run the following registry editing commands, NOTE these are from a quick batch file I put together to modify our install process for VDI.  You can use whatever language or registry editing tools for you install you want to get the same results.

:: SafeGuard GINA needs to be first
REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v GinaDLL /t REG_SZ /d "sggina.dll"

:: Set second GINA in chain after VJMWARE to SafeGuard so that vmware will pass authentication to back SafeGuard
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v vdmGinaChainDLL /t REG_SZ /d "sggina.dll"

:: Set the SafeGuard GINA sggina.dll to pass back to the VMWARE GINA
REG ADD "HKLM\SOFTWARE\Utimaco\SafeGuard Enterprise\Authentication" /v OriginalGina /t REG_SZ /d "C:\Program Files\VMware\VMware View\Agent\bin\wsgina.dll" /f

:: Only required for windows XP. Tells SafeGuard that passing back to VMWARE GINA is ok so it won't gen a bootup error!
REG ADD "HKLM\Software\Utimaco\SafeGuard Enterprise\Authentication" /v KnownGina /t REG_DWORD /d 0x00000001 /f

As long as these are set at install time you shouldn't get any bootup errors with windows XP VDI or lockouts during boot time. This assumes you aren't chaining  more than 2 3rd party GINAs or there isn't something else changing your GINA entries back to something else, SafeGuard isn't the only software that detects registry GINA changes and sets them to something else expected which is something to watch out for.  This resolved by bootup freezing and GINA startup errors issues when testing this with our WinXP VDI farm with ESX server 4.6 and 5.2 with VMView.

:37923


This thread was automatically locked due to age.
Parents Reply Children
No Data
Unfiltered HTML